Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Is Zoom’s new privacy policy worth a damn? Proceed with caution, experts say

It’s a Zoom world, and we’re just living in it — but we may still be handing over our private data in the meantime. Use of the popular videoconferencing app Zoom has spiked as work has moved into people’s homes. According to the New York Times, the app saw 600,000 downloads in one day, and that was two weeks ago when COVID-induced lockdowns were just beginning to take effect. It’s no wonder the app has surged in popularity — it just works. Simply click on a link and have your meeting.

However, a recent investigation by Motherboard revealed Zoom’s iOS app was sending some data about users to Facebook, which was not made clear in the app’s privacy policy. Other investigations by The Intercept showed that the calls were not, in fact, end-to-end encrypted as the company claimed. People were inadvertently sharing their location, which device they were using, and advertising identification data. Even New York State Attorney General Letitia James is looking into the company’s privacy practices.

Zoom has since updated its iOS app to stop sending data to Facebook, as well as amended its privacy policy to add “clarifying updates” under the increased glare of media and public scrutiny. Among the changes: The company says “Customer Content” can no longer be used in ads, that video can only be saved at the request of a user, and the company also added details about the data it does collect.

Some experts said Zoom’s new policy does clarify and tighten up previously vague language regarding user data. This change is something the U.K.-based digital rights group ProPrivacy applauded, but still urged caution.

“Zoom is complying with the laws, but it will share your data with Google where it is lawful to do so,” wrote Jo O’Reilly, digital privacy advocate for ProPrivacy. “It does go so far as to point out, though, that this is not a ‘sale’ of your data in the sense that most of us use the word ‘sale’, a clear attempt to shake off the controversy.”

James Carder, the chief security officer of LogRhythm, a security intelligence company, wasn’t sold. “This is fairly boilerplate stuff,” Carder told Digital Trends. “When you read their privacy policy now, it sounds like they’re trying to avoid responsibility and put the onus on the customer. It’s more of a response of ‘hey, we’re doing the right thing! The problem isn’t with us!’”

What’s in Zoom’s new privacy policy

Zoom Meeting
Image used with permission by copyright holder

In a statement to Digital Trends, Zoom said “It’s important to note that the ‘new’ privacy policy does not reflect any changes in our practices, it simply makes clarifying updates to the language” (emphasis theirs). The spokesperson also said that the practice of Zoombombing is “unrelated to the new privacy policy.” Zoombombing is a trolling tactic wherein an unauthorized user will access a Zoom chat that isn’t secured with a password and act in a disruptive manner, for instance by playing an inappropriate, loud video or shouting white supremacist slogans. Zoom said they “strongly encourage hosts to review their settings.”

“The root issue is that people are accessing some form of data that they shouldn’t be accessing,” Carder said. “If I look at them releasing new privacy policy, I don’t think it’s addressing the root issue. I don’t see anything addressing security best practices, or what you could do with meetings that get Zoombombed. And this stuff is happening on every online collaboration platform.”

“When they came under scrutiny, they went back and reworked and clarified the policy dramatically to ease user minds,” said Eve Maler, interim chief technology officer of the a digital identity company ForgeRock. “And they did a good job. But they should have known better.”

Maler said she thought Zoom did a good job addressing some core concerns; compliance with child protection laws and medical privacy laws for instance. But she said she’s seen this “walk of shame” from CEOs before: A company’s lax privacy policy is discovered, the CEO feigns contrition under scrutiny and offers a non-apology statement, and then the policy is changed.

“Customers have gotten more savvy and cynical and privacy sensitive, and regulators have too. Enterprises have to understand that modern data privacy has changed,” Maler said. “We’ve seen enough of these executive ‘walks of shame,’ that they [Zoom] should have known that this would happen in this regulatory environment,”

Maler pointed to another dramatic instance of this exact pattern: Spotify in 2015. The music streaming app’s policy at the time allowed it to pretty much read a user’s entire phone. Users had inadvertently agreed to allow the app to view their Facebook posts, know their location, and see their contacts and photos. Spotify insisted there was a reasonable explanation, but CNN described the policy as “the opposite of private” and “creepy” and under the harsh glare of the media spotlight, the policy was amended.

“We don’t know the true intentions, but we’ve seen this happen before and people rightfully look askance at this exercise of power. Let’s just call it what it is,” Maler said. “They should have known that changing privacy policy in this environment will look like it was motivated by circumstances and newfound popularity. It’s not a good look.”

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Amazon the latest firm asking staff to work from home — if possible
gates foundation amazon care to fund coronavirus home kits for seattle residents headquarters washington

Amazon is the latest company in the tech world asking its employees to work from home.

The recommendation, made by the Seattle-based company on Thursday, March 12, is designed to help slow the spread of the coronavirus, formally known as COVID-19.

Read more
Microsoft may fix the most frustrating thing about Windows updates
Windows 11 updates are moving to once a year.

Most Windows users will agree that one of the most annoying things about the operating system is the updates. While Windows Updates are necessary, they often tend to come up at the worst possible time, interrupting work and gaming sessions with persistent reminders that the system needs to reboot. Microsoft might be fixing that problem in the upcoming Windows 11 24H2 build, but it's still too early to bid farewell to those ill-timed reboots.

As spotted in the latest Windows 11 Insider Preview Build 26058, Microsoft is testing "hot patching" for some Windows 11 updates. Hot patching refers to a dynamic method of updating that often doesn't change the software version and may not even need a restart. In the context of Windows 11, it's pretty straightforward -- Windows will install the update, and you won't have to reboot your system.

Read more
Texas airport to get a 420-pound security robot
Knightscope's K5 robot.

San Antonio International Airport in Texas is deploying a 420-pound autonomous robot to bolster its security operations.

The 5-foot-4-inch K5 robot, built by California-based Knightscope, will be rolled out in the next couple of months.

Read more